ckuever0983, you are right, it looks like: no Trusted Launch or Secure Boot and no BitLocker, even after I enable it in services.msc. The ability to use your own device image, however, should make some of this possible. With Trusted Launch, I tried to capture an image of a VM I already have running with Trusted Launch and Secure Boot. However, it turns out you can't capture a VM with Trusted Launch, and after thinking about it this makes sense. If you are standing up VMs by way of a captured VM image, this is by definition not Trusted Launch.

Secure Boot and BitLocker, however, I think you should be able to solve through a VM custom image. When I try to enable Application Guard and Hyper-V, I see that it says I can't because the UEFI doesn't support this. However, I see no reason you could set up a VM with the UEFI properly configured that would allow you to enable Secure Boot, BitLocker, Hyper-V, and Application Guard, just as long as the VM wasn't provisioned with Trusted Launch. Eventually I would imagine they will work Trusted Launch into the Windows 365 platform. Since I would guess they are using scale sets and VM images on their end, this is probably the limiting factor now.

For these reasons, however, and the additional limitation of only being able to connect to one workspace in macOS and iOS RDC, I am going to stick with the Azure VM Ds-V5 machines connected by way of Azure Gateway VPN and Azure AD auth. I will be closely following Windows 365 development, however, for when they do enable the features above. Also, the newly added "encrypted at host" is something not available on Windows 365 yet either. But I do think eventually all of the things I mentioned will make their way into Windows 365 Enterprise.